Denial Engine

Architecture · v2

HIPAA-aware denial management

The portfolio demo runs on synthetic denials so it never breaks and never touches PHI. Below is the production path it stands in for — the choices a real deployment would make to handle protected health information legally and safely. HIPAA-aware, not HIPAA-certified: there is no such certification body, and any real claim of compliance comes from signed BAAs and SOC 2 / HITRUST audits, not a marketing label.

Rule 0: PHI never leaves a BAA-covered endpoint.

No pasting denial letters, EOBs, or claim context into public ChatGPT, Gemini, Grok, or Claude.ai. If a tool that touches the request body doesn't have a signed BAA, the only thing that can reach it is data run through the Safe Harbor de-identification step first.

Data flow

Customer-tenanted VPC · BAA in place · audit log everywherePayer / CH835 · EOB · appealIngest gatewayTLS, validatePHI minimizationstrip member, MRNModel (BAA)Bedrock / Azure / VPCRulesCARC · policyHuman reviewerreview · edit · submitAudit logimmutableEncrypted storeAES-256, KMS
  1. Denial intake.A denial arrives as an 835 electronic remittance from the clearinghouse, a scanned EOB / paper denial letter, or a payer-portal export. The payload carries CARC/RARC codes, the payer's stated reason, and enough claim context to identify the original submission.
  2. Ingest gateway. Receives the denial inside the customer-tenanted VPC, validates payload, stamps a correlation ID, writes an immutable audit record, and stores the raw denial encrypted at rest (AES-256, customer-managed KMS key).
  3. PHI minimization. Strip the 18 Safe Harbor identifiers (§164.514(b)(2)) before the prompt: member names and IDs, geographic subdivisions smaller than state, dates more precise than year, phone, fax, email, SSN, MRN, account, plan number, device identifiers, URLs, IPs, biometric IDs, photos, and any other unique identifying number. The model sees the denial reason, the CARC/RARC codes, and the de-identified claim context — not the patient or subscriber identity.
  4. Model serving (BAA gate). Calls go to a foundation model under a signed BAA — Gemini via Google Vertex AI (HIPAA-eligible under a Google Cloud BAA), Claude via AWS Bedrock, GPT-class via Azure OpenAI Service, or a self-hosted open model (Llama-3, Mistral) inside the VPC. The public Google AI Studio / Anthropic / OpenAI APIs without a BAA are not a permissible path. The demo on this site uses Google AI Studio because its inputs are synthetic; the only change to run in production is the SDK endpoint and a signed BAA.
  5. Policy & rule engine.The three model steps (analyze → correct → appeal) propose a root cause, a corrected claim, and an appeal letter; a deterministic post-processor validates suggested CPT / ICD-10-CM / HCPCS against current catalogs, checks the CARC/RARC interpretation against the payer's published policy and the relevant LCD, and confirms the appeal respects the payer's filing deadline. Rule violations become flags shown to the human reviewer.
  6. Human-in-the-loop review. Every AI-suggested correction and appeal is validated by a certified coder or denial specialist before anything is submitted — AI proposes, a human decides. The reviewer sees the supporting evidence from the denial text and chooses to accept, edit, or reject the suggestion. Rejected suggestions are logged back to the vendor for accuracy tuning.
  7. Submit correction / appeal. The corrected claim posts back through the clearinghouse as a resubmission, or the appeal packet routes to the payer's appeals channel (portal upload, fax, or mail). The denial status updates and the case is tracked to resolution. Every read, write, decision, and outbound call is in the audit log.

The HIPAA controls that actually matter

Business Associate Agreement

Signed BAA with the covered entity before any PHI moves; cascading BAAs with the cloud provider and the model provider. A vendor that won't sign is disqualified — full stop.

Encryption in transit & at rest

TLS 1.2+ everywhere, AES-256 at rest with customer-managed KMS keys. Object-level keys for denial storage so a breach radius is one record, not a bucket.

Access controls & audit logs

RBAC with MFA, least-privilege IAM. Every PHI read/write/decision logged with user, timestamp, and correlation ID — but log records reference a hashed correlation ID, never the denial body. Logs themselves write-once, append-only.

BAA-gated model serving

Inference goes to Bedrock / Azure OpenAI under BAA, or a self-hosted model in a HIPAA-eligible VPC. Public Anthropic / OpenAI APIs are off-limits for PHI.

Data minimization

Send only the denial reason, CARC/RARC codes, and de-identified claim context. Strip member ID, MRN, and account numbers before the prompt. The model never needs the patient's identity to correct a claim.

SOC 2 Type II + HITRUST

Self-attested HIPAA + third-party audited security controls. Penetration testing, employee training, breach notification procedures. The paperwork is the moat.

BAA: the clauses that actually matter

“HIPAA-eligible” is a vendor checkbox. The BAA is where the eligibility is enforced. Four clauses I look for before signing:

  • No training on PHI. The vendor cannot use customer prompts, completions, or any payload-derived data to train, fine-tune, or evaluate models — for this customer or any other.
  • No retention after task completion. PHI is held only as long as needed to return the response, then deleted. Any cache (prompt cache, KV cache, batch buffer) is scoped to the request and purged.
  • No commingling across tenants. Tenant data is logically isolated; no shared embeddings store, no shared evaluation set, no “learn from all customers” feature.
  • No PHI in vendor logs. Whatever the vendor logs for debugging, abuse detection, or analytics excludes request/response bodies — or hashes them. PHI in a log line is still a breach.

If a vendor won't put these in writing, the tool is for synthetic or de-identified data only. That covers prototyping; it does not cover production.

Ongoing compliance

  • Annual security risk assessment. Per §164.308(a)(1)(ii)(A), the SRA runs at minimum yearly — re-map data flows, re-check access controls, re-verify that every PHI hop still ends at a BAA-covered endpoint.
  • Re-assess when a vendor turns on an AI feature. A denial or billing tool that adds an “AI assist” toggle six months after contract signing is a new data flow, even if the vendor calls it an “enhancement.” Trigger an out-of-cycle SRA and confirm the BAA still covers the new processing path.
  • BAA refresh on vendor change. Sub-processor list changes, new AI capabilities, new data residency — any of these require revisiting the agreement, not waiting for the renewal date.
  • Reject-flag feedback loop. Reviewer rejections and edits feed back to the vendor as accuracy signal — without sending the underlying PHI. The signal is “this correction was wrong in context Y,” not the denial letter.

From this public demo to a private BAA testbed

The site you're reading is a public demo on synthetic data. If a prospect signs a BAA and wants to evaluate against real denials, the live data does not go through denials.usesmpt.com. The codebase deploys a second time into a private environment with different config. The deltas:

ConcernPublic demo (this URL)Private testbed (post-BAA)
HostHostinger shared VPS — no HIPAA BAA availableAWS / GCP / Azure region under a signed BAA
Model endpointPublic Gemini API (not BAA-eligible)Vertex AI, Bedrock, or Azure OpenAI under BAA
PHI guardSafe Harbor detector blocks submissionDetector still runs, but as audit-only logging — PHI is permitted
Banner“Synthetic data only — no PHI”“Authorized BAA testing · Client: ⟨name⟩ · Engagement: ⟨id⟩”
AccessOpen to the public internetIP allow-list, basic auth or SSO, optionally mTLS
Audit logDev-only console outputAppend-only log: timestamp, user, hashed correlation ID, outcome — never the denial body
Data retentionNo persistence — request-scopedConfigurable per engagement (default: no persistence; opt-in encrypted store for QA review)
URLdenials.usesmpt.comdenials-private.⟨client⟩.usesmpt.com or per-client subdomain

The codebase is one deploy target; the surrounding infrastructure is what changes. Standing up the private testbed is a config swap and a DNS record, not a rewrite — typically a one-day setup after BAA execution.

Honest limitations of this prototype

  • No live payer integration. Nothing is submitted anywhere. The corrected claim and appeal packet are generated for inspection, not transmission. A production build would post resubmissions through a clearinghouse and route appeals to each payer's channel.
  • No live catalog / policy lookup. Suggested CPT and ICD-10 codes are not validated against current AMA/CMS catalogs here, and CARC/RARC interpretation isn't checked against live payer policy or LCD tables. That deterministic layer is the next step.
  • Synthetic denials only. All sample EOB excerpts and claim contexts were written for this demo. No real payer correspondence and no PHI is, has been, or will be processed by this app.
  • Three single-shot calls, no agent loop. Each step is one model call with the prior step's result as input. No retry beyond transient-error backoff, no critic pass, no tool use. Deliberate simplicity for v1.
  • Outpatient scope. The samples model outpatient professional-claim denials. Facility, DME, and specialty-specific denial patterns each need their own evaluation.

What this demonstrates

The model can call APIs — that's the easy part. What separates a credible build from a demo screenshot is: a denial workflow broken into explicit, inspectable steps (analyze → correct → appeal), output grounded in the actual denial text rather than invented, an exportable case packet a human can defend, and an architecture that names where the PHI goesat every hop. That's the gap I'm optimizing the demo and this page to close.